| # Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. |
| # |
| # Redistribution and use in source and binary forms, with or without |
| # modification, are permitted provided that the following conditions are |
| # met: |
| # * Redistributions of source code must retain the above copyright |
| # notice, this list of conditions and the following disclaimer. |
| # * Redistributions in binary form must reproduce the above |
| # copyright notice, this list of conditions and the following |
| # disclaimer in the documentation and/or other materials provided |
| # with the distribution. |
| # * Neither the name of The Linux Foundation nor the names of its |
| # contributors may be used to endorse or promote products derived |
| # from this software without specific prior written permission. |
| # |
| # THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED |
| # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
| # Define domain |
| type vendor_vppservice, domain; |
| type vendor_vppservice_exec, exec_type, vendor_file_type, file_type; |
| |
| init_daemon_domain(vendor_vppservice) |
| |
| hal_server_domain(vendor_vppservice, vendor_hal_vpp) |
| |
| hal_attribute_hwservice(vendor_hal_vpp, vendor_hal_vpp_hwservice) |
| |
| binder_call(vendor_hal_vpp_client, vendor_hal_vpp_server) |
| binder_call(vendor_hal_vpp_server, vendor_hal_vpp_client) |
| |
| # allow vppservice to access adsprpcd |
| r_dir_file(vendor_vppservice, adsprpcd_file); |
| #get_prop(vendor_vppservice, adsprpc_prop) |
| |
| r_dir_file(vendor_vppservice, firmware_file); |
| |
| # allow access to vppservice (/data/vendor/vpp) |
| allow vendor_vppservice vendor_vpp_data_file:dir create_dir_perms; |
| allow vendor_vppservice vendor_vpp_data_file:file create_file_perms; |
| |
| # allow access to vppservice (/persist/vpp) |
| r_dir_file(vendor_vppservice, vendor_persist_vpp_file) |
| allow vendor_vppservice mnt_vendor_file:dir search; |
| |
| # allow vppservice to access ion, video device & qdsp_device |
| allow vendor_vppservice video_device:chr_file rw_file_perms; |
| allow vendor_vppservice vendor_qdsp_device:chr_file r_file_perms; |
| allow vendor_vppservice gpu_device:chr_file rw_file_perms; |
| allow vendor_vppservice vendor_dmabuf_system_heap_device:chr_file r_file_perms; |
| allow vendor_vppservice dmabuf_system_heap_device:chr_file r_file_perms; |
| allow vendor_vppservice vendor_membuf_dev:chr_file r_file_perms; |
| allow vendor_vppservice vendor_vm_cp_pixel_device:chr_file r_file_perms; |
| |
| # suppress xdsp denial, since it is expected |
| dontaudit vendor_vppservice vendor_xdsp_device:chr_file { open read ioctl }; |
| |
| # allow vppservice to access dsp read_prop |
| get_prop(vendor_vppservice, vendor_adsprpc_prop) |
| |
| hal_client_domain(vendor_vppservice, hal_graphics_allocator) |
| hal_client_domain(vendor_vppservice, vendor_hal_capabilityconfigstore_qti) |